Within the CMS component, a set of common modules (all of which can be extended
with customized Java plug-ins) is provided for all subsystems. Although some may
not be used in the default configuration, all are available for further customization:
• Authentication, where authentication managers can be extended.
• Authorization, where authorization managers can be extended—the default is
  the access control list from the internal LDAP database.
• ACL evaluators, where expression evaluators can be extended for Access
  Control List evaluation—the defaults are the user/group evaluators.
• Certificate Profiles, where certificate extensions and constraints can be
  extended.
• Job scheduler, where cron-like scheduled events can be extended.
• Email notification, where email notification can be extended.
• Event listeners, where event listeners can be extended.
• Publishing, where the publisher and its mapper can be extended.
• Logging (includes signed audit logs), where the logging mechanism can be
  extended.
• Self-test, where CMS start-up/on-demand self-tests can be extended.
• Servlets (depending on subsystem installation selection), where servlets can be
  extended.
• Password quality checker, where the password strength/quality checker can be
  extended.
HTTP Engine
CMS employs the Netscape Enterprise Server as its HTTP engine. It provides the
entry point for users/applications of all types to access CMS's functions. As
discussed in the System Overview, CMS provides three types of entry points, each
serving one or more interfaces:
• End-Entity Entry Point—provides the entry point for end-entity and server
  certificate enrollments of all types. A set of customizable HTML forms is
  provided at this port for CA and RA end-entity users for different types of
  enrollment, renewal, revocation, or certificate pick-up activities. OCSP